Spearphishing is an email spoofing technique and one of the more prevalent ways to target a specific organization or entity to seek unauthorized access to confidential data. Attacks typically begin with a reconnaissance phase in which perpetrators identify appropriate recipients for spearphishing emails. These targets may comprise individuals that are carefully chosen based on information, for example, relating to their roles in the specific organization or entity, which may directly correspond with their likelihood of access to confidential data. It is also common for perpetrators to indirectly target a specific organization or entity by spearphishing consultants or contractors, who are not employees of the organization or entity, but may nevertheless have access to confidential data. However, most organizations or entities are typically unaware of which employees, consultants, or contractors would be likely targets of spearphishing schemes. Conventional computer security techniques lack intelligence and capacity to predict and protect likely spearphishing targets.
In view of the foregoing, it may be understood that there may be significant problems and shortcomings associated with conventional spearphishing security technologies.